CVE-2021-31007Incorrect Default Permissions in Apple IOS AND Ipados

CWE-276Incorrect Default Permissions6 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 67.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple IOS AND IpadosApple WatchosApple Ipados+6 more
Timeline
PublishedAug 24
Latest updateDec 13

Description

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

NVDapple/macos11.011.6.2+1
Appleapple/macos_big_sur11.6.2
NVDapple/tvos< 15.1
NVDapple/ipados< 15.1

📋Vendor Advisories

5
Apple
CVE-2021-31007: macOS Monterey 12.12021-12-13
Apple
CVE-2021-31007: macOS Big Sur 11.6.22021-12-13
Apple
CVE-2021-31007: iOS 15.1 and iPadOS 15.12021-10-25
Apple
CVE-2021-31007: tvOS 15.12021-10-25
Apple
CVE-2021-31007: watchOS 8.12021-10-25